Using iKeyMan to manage certificates for TLS

You can use the iKeyMan utility to manage certificates in a Transport Layer Security (TLS) configuration.

About this task

For detailed information about completing any of the steps in the procedure, see the iKeyMan documentation Using iKeyMan.


  1. To start IBM® iKeyMan, navigate to the Sametime_install_root/ibm-jre/jre/bin directory.
    The default installation paths for Sametime® are as follows according to operating system:
    • AIX®: /local/notesdata
    • Linux™: /local/notesdata
    • 32-bit Windows™: C:\Program Files\IBM\Domino
    • 64-bit Windows: C:\Program Files (x86)\IBM\Domino
  2. Run the (AIX, Linux) or ikeyman.exe (Windows) program.
    If you receive the following error, see the IBM tech note on resolving the Java restricted access policy for iKeyMan:
    The command cannot complete because your JRE is using restricted policy files.
  3. Use the iKeyMan utility to create a trust store, a key store, or both. For information about setting the trust store and key store on the Sametime server, see the topic Setting up TLS Configuration.